Resources

There are three components to information security, often summarised as C.I.A.:

• Confidentiality - information must not be made available or disclosed to unauthorised individuals, entities, or processes
• Integrity - data must not be altered or destroyed in an unauthorised manner, and accuracy and consistency must be preserved regardless of changes
• Availability - information must be accessible and useable on demand by authorised entities

Since our business launched, we’ve helped to develop and deliver thousands of different IT policies across multiple sectors. Through that work, we’ve created a library of policies and protocols that cover the vast majority of business requirements. The content is written in plain English and aligned with international standards and best practise. That means that when we work with a new client, most of our effort goes towards identifying the appropriate documents for that business and then customising them so they are an ideal fit. This is much faster than writing such documents from scratch, and it saves our clients a lot of money as well.

A copied best practice manual is unlikely to correlate closely with how your business operates. As a result, your policies will not be meaningful, won’t clearly show how they align with standards or best practise, and are likely to be ignored.

There are important differences.

• IT Security Policies generally outline the objectives of your information security programme. A well written IT security policy should provide clear statements for managers and employees that give direction on what they must or must not do when interacting with systems and data.
• IT Procedures document “how to” complete an IT task or process. They can be quite detailed and lengthy and are invaluable in ensuring important tasks are completed smoothly.